SoheilKhodayari / TheThing
TheThing: an open-source tool to detect DOM Clobbering vulnerabilities
☆40 Updated last year
Related projects
Alternatives and complementary repositories for TheThing
- Searcher for cross-site leaks (XS-Leaks) ☆81 Updated last year
- Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js ☆56 Updated 9 months ago
- Same Origin XSS challenge ☆56 Updated 2 years ago
- lightyear is a tool to dump files in tedious (blind) conditions using PHP filters ☆49 Updated this week
- DOM Clobbering Wiki, Browser Testing, and Payload Generation ☆43 Updated this week
- Awesome MXSS ☆45 Updated last month
- List of Trusted Types bypasses ☆85 Updated 6 months ago
- JAW: A Graph-based Security Analysis Framework for Client-side JavaScript ☆99 Updated 3 weeks ago
- This is the data that powers the PortSwigger URL validation bypass cheat sheet. ☆29 Updated 2 weeks ago
- A collection of Server-Side Prototype Pollution gadgets and exploits ☆132 Updated 2 months ago
- Client-Side Prototype Pollution Tools ☆84 Updated 3 years ago
- Proof of Concepts for unsafe deserialization in Ruby ☆11 Updated 3 weeks ago
- Scalpel is a Burp extension for intercepting and rewriting HTTP traffic, either on the fly or in the Repeater using Python 3 scripts. ☆51 Updated 5 months ago
- Grammar-based HTTP/2 fuzzer with mutation ability ☆41 Updated 2 years ago
- XS-Leak Browser Test Suite ☆73 Updated 10 months ago
- A collection of my Semgrep rules ☆47 Updated last year
- ☆158 Updated 3 years ago
- A web server designed to shut off on command to exploit DNS rebinding in Chromium-based browsers ☆11 Updated last year
- Testability Pattern Catalogs for SAST ☆29 Updated 7 months ago
- ☆13 Updated 2 months ago
- Utility for creating ZipSlip archives ☆66 Updated last year
- jws2pubkey tool ☆37 Updated 5 months ago
- ☆92 Updated 3 years ago
- Dependency Confusion Security Testing Tool ☆39 Updated 2 years ago
- Prototype Pollution exploits collection ☆30 Updated 3 years ago
- An extension to use Semgrep inside Burp Suite. ☆87 Updated last year
- ☆31 Updated last year
- Blog about HTTP Request Smuggling, including a demo application. ☆23 Updated 2 years ago
- PP-finder helps you find gadgets for prototype pollution exploitation ☆137 Updated 3 months ago